"Define Security Requirements - A practical approach "
The link is about half-way down (JUN 2010) on the OWASP Ireland page.
The actual slides from the presentation are here.
In the talk I outline some steps that you should take at the beginning of a web development project to help you define security requirements. There are also some suggestions for good practice in relation to session management.
Finally, I have some slides about the User Life Cycle good practices, which I never got to during the talk. This section suggests good practices around the various stages:
- Forgotten Password Mechanism
- Logoff/Account Deletion